Hack and Take the Cash !

Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in(...)Read More

No technology is perfect, and Showmax believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encour(...)Read More

Policy

CrowdStrike encourages researchers to follow responsible disclosure procedures when reporting security issues in our products, services, websites, or infrastructure. CrowdStrike is committed to engaging with the research community in(...)Read More

Rules

Organized Crime and Corruption Reporting Project (OCCRP; https://www.occrp.org/) is an investigative reporting platform formed by 24 non-profit investigative centers, scores of journalists and several major regional news organizatio(...)Read More

Policy

No technology is perfect, and SEMrush believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or se(...)Read More

Welcome to AlienNation. We're on a mission to provide organizations throughout the universe with highly intelligent security that is affordable and simple to use.
To help out with our goals here at AlienVault, we look to our fellow security professio(...)Read More

Policy

Appendix 1: Program Policy

Please note, this is the suggested starting policy language for the program. Based on responses from the community of bug hunters, changes may be made throughout the testing period. All changes(...)Read More

Policy

I maintain a number of popular open source WordPress plugins which deal with user authentication and sensitive information. I believe that the more eyes that software sees, the more secure it can be. If you believe you've found a se(...)Read More

Policy

Google Analytics Dashboard for WP (GADWP) is an open-source plugin for WordPress which connects Google Analytics with your website. You can find source code at https://github.com/deconf/Google-Analytics-Dashboard-for-WP.

Respo

Policy

No technology is perfect, and Node.js believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in a third-party Nod(...)Read More

Policy

Welcome
Blockstack is building a new decentralized internet where users own their data and apps run without remote servers.
We're rethinking DNS, identity, authentication, and application infrastructure and worki(...)Read More

Policy

No technology is perfect, and we believe that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in Aspen, we encourage yo(...)Read More

Policy

bitwarden believes that working with security researchers across the globe is crucial to keeping our users safe. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome work(...)Read More

Policy

No technology is perfect, and WINK believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or serv(...)Read More

Policy

Razer looks forward to working with the security community to find security vulnerabilities in order to keep our businesses and customers safe. Razer will make a best effort to respond to incoming reports within 3 business days and(...)Read More

Policy

Google Play is working with the independent bug bounty platform, HackerOne, and the developers of popular Android apps to implement the Google Play Security Reward Program. Developers of popular Android apps are invited to opt-in t(...)Read More

Policy

Responsible disclosure

To join the program you should read this whole page, and only proceed if you are OK with everything.
If you disclose your findings responsibly, we will not bring any lawsuit against you or launch an(...)Read More

Policy

At Inflection, we're always looking for ways we can improve the security of our software. We know that no technology is perfect, and that's why we believe in working with the security community to find and squash vulnerabilities in(...)Read More

Policy

Headspace is participating in the Google Play Security Rewards Program. While we do not have a full disclosure program in place at this time, we are willing to accept reports that qualify for the Google Play Security Rewards Progra(...)Read More

Policy

Duolingo is participating in the Google Play Security Rewards Program. While we do not have a full disclosure program in place at this time, we are willing to accept reports that qualify for the Google Play Security Rewards Program(...)Read More

CCM Benchmark Group

CCM Benchmark Group is a french online media. We run a network with more than 40 sites in 13 languages, about high-tech, news, health, economy and more. We have more than 50 millions of visitors monthly.

Cryptobox provides businesses and organizations with a sharing and collaboration solution to secure internal and external exchanges, using end-to-end encryption. You can securely access your documents fro

TTS Bug Bounty

As part of its programmatic focus on security, the General Service Administration’s Technology Transformation Service (TTS) is pleased to welcome you to the first bug bounty program by a civilian federal agency. We look forw(...)Read More

Scope

This primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulner(...)Read More

1.Provide details of the vulnerability including information needed to reproduce and validate the vulnerability and also provide a Proof of Concept (POC)
2.Make a good faith effort to avoid privacy violations, destruction of data and interruption or(...)Read More

Policy

No technology is perfect, and Weblate believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or s(...)Read More

Policy

If you find a severe security vulnerability such that you can access or modify another Mixmax user's data, you'll be rewarded with a free Mixmax Professional account for a year ($288 value!)
No technology is perfe(...)Read More

Policy

The Stellar Bug Bounty Program provides bounties for vulnerabilities and exploits discovered in the Stellar protocol or any of the code in our repos. We recognize the importance of our community and security researchers in helping(...)Read More

Out of Scope Vulnera

Policy

We are launching a Bug Bounty program for ICQ, starting with covering most significant vulnerabilities as a first step.
Therefore, at the first stage we invite the most experienced bug hunters and do not accept reports related to u(...)Read More

Policy

Unikrn built the most technologically advanced sportsbook for esports. We run the best fully-regulated and licensed esports bookmaker on the planet. No technology is perfect, and Unikrn believes that working with skilled security re(...)Read More

Policy

Bitvise wishes to motivate security researchers to look for and report security issues in Bitvise SSH Server and Client for Windows. A range of bounties are available, depending on the severity of the issue reported:
* Cr(...)Read More

Big Monocle Bug Bounty Program

Big Monocle recognizes the importance of security researchers in helping keep our community safe. We encourage responsible disclosure of security vulnerabilities via our bug bounty program described on this p(...)Read More

The Tor Project is committed to working with security experts across the world to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we'd welcome working with you.
T(...)Read More

Policy

We believe that working with experienced security researchers across the globe is fundamental to identifying weaknesses in our technology and essential for keeping our products and our users safe.
If you believe you've found a secu(...)Read More

Policy

Security is a top priority at Grab. We believe that no technology is perfect and that working with skilled security researchers across the globe is crucial in identifying weaknesses in our technology. If you believe you've found a s(...)Read More

Patch Reward Program Rules

On October 9, 2013, we announced a new, experimental program that rewards proactive security improvements to select open-source projects. This effort complements and extends our long-running vulnerability reward(...)Read More

Coordinated Disclosure Guidelines

- Please let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly correct the issue.
- Provide us a reasonable amount of time to respond and/o(...)Read More

No technology is perfect, and Teradici believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encou(...)Read More

PLEASE READ THE PROGRAM IN FULL DETAIL - ESPECIALLY THE TARGETS, NON TARGETS AND INVALID VULNERABILITIES SECTIONS!
MAPSMARKER.COM/STORE/* IS ALSO A NON TARGET SO PLEASE DO NOT CREATE TEST USERS FOR THE CUSTOMER AREA!
No technology is perfect, and we(...)Read More

Cuvva is a new kind of insurance company - focussing on technology and customers first, finance second. Part of this is building all our systems entirely in-house, which - of course - can present new risks.
Security is our highest priority and we(...)Read More

Being pro-active rather than re-active to emerging security issues is a fundamental belief at Volusion. Every day new security issues and attack vectors are created. Volusion strives to keep abreast on the latest state-of-the-art security developmen(...)Read More

About NETGEAR Cash Reward Program

NETGEAR’s mission is to be the innovative leader in connecting the world to the internet. To achieve this mission, we must earn and maintain our customers’ trust by protecting the privacy and security of(...)Read More

WordPress.org is an open-source publishing platform: https://wordpress.org/. You can find source code at https://wordpress.org/download/source/. We also welcome reports for the open-source projects BuddyPress (https://buddypress.org/), bbPress (htt(...)Read More

No technology is perfect, and Homebrew believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encou(...)Read More